CVE-2025-46093
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-08-07
Assigner: MITRE
Description
Description
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liquidfiles | liquidfiles | to 4.1.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in LiquidFiles versions before 4.1.2 involves the FTP SITE CHMOD command allowing mode 6777 (setuid and setgid). This enables FTPDrop users to execute arbitrary code with root privileges by exploiting the Actionscript feature combined with the sudoers configuration.
How can this vulnerability impact me? :
An attacker who exploits this vulnerability can execute arbitrary code as the root user, potentially leading to full system compromise, unauthorized access, data modification, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70